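<?php

// Change-password page controller.
//
// The full open tag is used on purpose: with the short_open_tag setting
// disabled, a block opened with the short tag is not executed but sent to the
// client as plain text, which would expose this source.
//
// $user and $msg are not defined in this file; presumably the including
// script sets them up - confirm against the caller.

// Only a logged-on user may change a password; anyone else gets the logon page.
if (!$user)
{
  include "page_personal_logon.php";
  return;
}

$PageTitle = $msg["Page_ChangePassword"];

include "div_menu_personal.php";

if (!$_POST)
{
  // Nothing was posted: show the empty form.
  make_form();
}
elseif (change_password())
{
  // Reload the user record so the session copy carries the new password hash;
  // change_password() compares the old password against that copy.
  $_SESSION["user"] = db_read_user_by_id($user["id"]);

  print_continue($msg["PasswordChanged"], "personal");
}
else
{
  // Validation failed: the errors are already printed, show the form again.
  make_form();
}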


//-----------------------------------------------------------------------------

/**
 * Outputs the change-password form.
 *
 * The form posts to "personal_change_password" with the fields oldpassword,
 * newpassword and newpassword1. Labels and button captions are read from the
 * global $msg table.
 *
 * NOTE(review): the $msg values are echoed without HTML escaping, so the
 * table must only ever hold trusted text.
 * NOTE(review): no anti-CSRF token is emitted here. change_password() demands
 * the current password, which limits what a forged request can do - confirm
 * that this is the intended protection.
 */
function make_form() 
{
  global $msg;
  // From here PHP mode is left: the markup below is sent as literal HTML.
?>

<!-- Change password form -->

<div class="form_area">
<div class="form_div">
<form action="personal_change_password" method="post">

  <fieldset class="fields1">

  <dl>
    <dt><label for="oldpassword"><?=$msg["OldPassword"];?></label></dt>
    <dd><input type="password" size="25" tabindex="1" name="oldpassword" id="oldpassword"/></dd>
  </dl>

  <dl>
    <dt><label for="newpassword"><?=$msg["NewPassword"];?></label></dt>
    <dd><input type="password" size="25" tabindex="2" name="newpassword" id="newpassword"/></dd>
  </dl>

  <dl>
    <dt><label for="newpassword1"><?=$msg["Password1"];?></label></dt>
    <dd><input type="password" size="25" tabindex="3" name="newpassword1" id="newpassword1"/></dd>
  </dl>

  <dl class="button_div">
    <button type="submit" tabindex="4" name="save"><?=$msg["Change"];?></button>
    &nbsp;
    <button type="button" tabindex="5" name="cancel" onClick="window.location.href='personal'"><?=$msg["Cancel"];?></button>
  </dl>

  </fieldset>

</form>
</div>
</div>

<?php
};


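/**
 * Validates the posted change-password form and stores the new password.
 *
 * Reads oldpassword, newpassword and newpassword1 from $_POST, checks the old
 * password against the hash held in the global $user record and, when every
 * check passes, stores the SHA-1 of the new password via db_change_password().
 * Collected error messages are handed to print_errors().
 *
 * NOTE(security): unsalted SHA-1 is not a suitable password hash. Moving to
 * password_hash()/password_verify() needs a coordinated change in every place
 * that reads or writes the stored hash (the logon code is not visible here),
 * so the storage format is left as it is.
 *
 * @return bool true when the password was changed, false when at least one
 *              error was reported
 */
function change_password()
{
  global $msg;
  global $user;

  $errors = array();

  // Accept string fields only. A missing or array-valued parameter is treated
  // as empty, so sha1() never receives a non-string (it would yield NULL or
  // raise a TypeError that the catch below does not cover).
  $oldpassword = (isset($_POST["oldpassword"]) && is_string($_POST["oldpassword"])) ? $_POST["oldpassword"] : "";
  $newpassword = (isset($_POST["newpassword"]) && is_string($_POST["newpassword"])) ? $_POST["newpassword"] : "";
  $newpassword1 = (isset($_POST["newpassword1"]) && is_string($_POST["newpassword1"])) ? $_POST["newpassword1"] : "";

  try
  {
    db_call();

    // An empty old password is compared as "" so that an account whose stored
    // hash is empty can still set a password (behaviour kept from the original).
    $oldhash = ($oldpassword !== "") ? sha1($oldpassword) : "";

    // Strict string comparison: the loose operator compares two numeric-looking
    // strings as numbers, so different hashes could be reported as equal.
    // hash_equals() is the constant-time alternative where PHP >= 5.6 is guaranteed.
    if ($oldhash !== (string) $user["password"])
    {
      $errors[] = $msg["BadPassword"];
    }

    if ($newpassword === "")
    {
      $errors[] = $msg["NoPassword"];
    }
    elseif ($newpassword !== $newpassword1)
    {
      // Strict for the same reason: "1e3" and "1000" must not count as a match.
      $errors[] = $msg["PasswordMismatch"];
    }

    if (!$errors)
    {
      db_change_password($user["id"], sha1($newpassword));
    }
  }
  catch (Exception $e)
  {
    // NOTE(review): the raw exception text is shown to the user; confirm that
    // the database layer never puts internal details into its messages.
    $errors[] = $e->getMessage();
  }

  if ($errors)
  {
    print_errors($errors);
    return false;
  }

  return true;
};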

?>
